package com.ex.realm;

import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.util.Objects;

/**
 * @author longdeng
 * @Date 2019/10/12 20:11
 */
public class AuthFilter extends AuthorizationFilter {

    /**
     * 自定义权限认证流程
     *
     * @param servletRequest  请求
     * @param servletResponse 响应
     * @param o
     * @return
     * @throws Exception
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        String value = servletRequest.getParameter("value");
        String[] permissions = (String[]) o;
        for (String permission : permissions
        ) {
            // 检测权限信息，并返回true | false
            if (Objects.equals(value, permission)) {
                return true;
            }
        }
        return false;
    }
}
